Crowdstrike update kills millions of Windows computers worldwide

If you don’t have Crowdstrike security software on your Windows 10+ computers, you’re one of the lucky ones, along with folks running Linux or macOS.

If you do run Crowdstrike on Windows, this is a bad day, because manual, in-person intervention is the only way to get past the infinitely-looping Blue Screen Of Death affecting millions of computers this morning.

Of course, even if you’ve managed to avoid Crowdstrike on Windows, you’re likely to be affected by this bug, because there’s a good chance that services you use are going to be dealing with it today, and in the meantime will be unusable. That includes 911 call systems, airlines, healthcare providers, and banks.

What happened?

In the early hours of July 19, Crowdstrike pushed out an update for its security software. Crowdstrike client software on millions of computers dutifully applied the update, and the nightmare began.

Microsoft’s advice is apparently to try rebooting affected computers… up to 15 times. Apparently, eventually Windows figures out something is wrong and reverts the problematic update. Or possibly Windows runs long enough to download and install the fixed update from Crowdstrike. I don’t know if this is serious advice or not.

IT folks who manage hundreds or even thousands of affected computers are going to have a very bad day. It will be even worse if those computers are using full disk encryption. Some people are opting to recover from backups, but that gets tricky when encryption is used.

The part that really bugs me about this mess is that Crowdstrike staff clearly did not test the problematic update at all before pushing it out. If they had tested it even once, the problem would have been revealed.

Crowdstrike’s stock is apparently tumbling today, and I’m okay with that, because it will provide ample motivation for the company to improve its testing process.

In the meantime, it might be a good idea to take the next few days off, cancel travel plans, and pick up a good book. Unless you’re an IT person, in which case you’re going to be very busy today.

More about this from The Verge.

Brian Krebs reports on the problem.

Followup analysis from The Verge.

A new recovery tool from Microsoft can help with remediation efforts.

Crowdstrike’s Remediation and Guidance Hub.

What is the Blue Screen of Death?

The Blue Screen of Death (BSoD) is an error screen displayed on a Windows computer system after a fatal system error, also known as a system crash. This error occurs when the operating system reaches a condition where it can no longer operate safely, such as a critical system process failure or hardware failure. Here are some key points about the Blue Screen of Death:

1. Appearance: The BSoD typically displays a blue background with white text, detailing the nature of the error. Modern versions of Windows also show a sad face emoticon and a QR code for quick reference to the error details.

2. Causes:
Hardware Issues: Problems with hardware components such as faulty RAM, overheating, or hardware not being properly seated.
Driver Issues: Incompatible or outdated drivers that fail to work correctly with the operating system.
Software Issues: Bugs in the operating system or other critical software components.
Corrupted System Files: Essential files required for the operating system to run properly may be missing or damaged.
Overclocking: Running hardware components at speeds higher than their default settings can lead to instability.

3. Error Codes: The BSoD displays a stop code, which helps diagnose the cause of the crash. These codes can be looked up to understand the specific error.

4. Prevention and Troubleshooting:
Regular Updates: Keeping the operating system and drivers up to date can prevent many causes of BSoD.
Hardware Checks: Regularly checking hardware components for faults and ensuring they are properly installed.
System Scans: Running regular scans for malware and corrupted system files.
Safe Mode: Booting into Safe Mode to troubleshoot and isolate the cause of the crash.

5. Recovery: After a BSoD, the system may automatically restart. Users can also use recovery tools provided by Windows, such as System Restore, to revert the system to a previous state.

The Blue Screen of Death is a critical indicator of serious issues that need immediate attention to prevent further damage and to restore system stability.

(Ed: written by ChatGPT; verified by jrivett.)

Google Search ‘Classic’

You may have noticed that Google Search results are getting crappier. The ads are still fairly unobtrusive, but a typical search results page is filled with other junk that is often of no interest at all.

The good news is that Google just enabled a new feature in Search that may remind you of the good old days when search results were less cluttered. It’s called ‘Web search’. No kidding.

Google's new web search feature

To see Web search in action, go to google.com and search for something. Near the top of the search results page, you should see a horizontal menu, starting with ‘All’, ‘Images’, and ‘Videos’. Click the ‘More’ entry, and select ‘Web’.

As you can see, this cleans up the results page significantly.

I like this feature so much that I’ve made it my default search in Firefox. Here’s how to do that:

  1. By default, you can’t add custom search engines to Firefox. To enable that function, enter about:config in Firefox’s address bar and press Enter. You’ll be asked if you’re sure you want to proceed; click ‘Accept the risk’. Then type browser.urlbar.update2.engineAliasRefresh. You should see a small ‘+’ box to the right. Click that.
  2. Click Firefox’s ‘hamburger’ menu button, which looks like three horizontal lines, at the top right. Select ‘Settings’.
  3. Click ‘Search’ in the left sidebar.
  4. Scroll down to the ‘Search Shortcuts’ list. At the bottom of that list, there should be an ‘Add’ button. Click that.
  5. In the small dialog that appears, enter a name for the new search (I call it ‘Google Classic’), the URL https://www.google.com/search?q=%s&udm=14, and then give it a shortcut alias like ‘gc’. Then click ‘Add Engine’.
  6. Scroll up the Settings page until you see ‘Default Search Engine’. Click the drop-down list and select the search engine you just added.

After making these changes, searches you perform in Firefox (by entering search terms in the address bar or search box) should produce ‘Web’ search results.

How good is your password?

There’s a new chart from Hive Systems that you can use to determine how resistant your password is to brute-force cracking.

Password strength chart

Keep in mind that this is a moving target. As processor power increases and new technology arrives, brute-force attacks get faster. So if you have a similar chart published a couple of years ago, it’s likely already out of date. That’s why they included the year at the top of the chart.

It’s easy to use: find the intersection of your password’s length with its character combination.

So, for example, ‘718462’ can be cracked instantly, as can ‘xgts’.

Note that this chart does not show the effect of dictionary attacks, which are typically tried before the brute-force approach. A dictionary attack tries to guess a password based on a list of common passwords.
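
The chart lookup and the dictionary caveat described above, worked through as an added example (not from Hive Systems or the original post). The guess rate and the short common-password list are constructed assumptions, so the results illustrate the method rather than reproduce the chart's figures.

```python
import string

# Character classes corresponding to the chart's "character combination" columns.
CLASSES = [
    string.digits,           # 10 symbols
    string.ascii_lowercase,  # 26 symbols
    string.ascii_uppercase,  # 26 symbols
    string.punctuation,      # 32 ASCII symbols
]

# Constructed sample; a real check would use a large list of leaked passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}

# Assumed guesses per second for illustration; not a figure from the chart.
ASSUMED_GUESSES_PER_SECOND = 10**10


def charset_size(password):
    """Size of the smallest alphabet, built from whole classes, that covers the password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four ASCII classes (spaces, non-ASCII) are counted
    # one by one, which gives a conservative lower bound.
    others = {c for c in password if not any(c in cls for cls in CLASSES)}
    return size + len(others)


def keyspace(password):
    """Candidates of exactly this length over that alphabet (worst case for the attacker)."""
    return charset_size(password) ** len(password)


def humanize(candidates, rate):
    """Turn a candidate count into a rough duration; integer maths avoids float overflow."""
    if candidates < rate:
        return "instantly"
    seconds = candidates // rate
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds // span:,} {unit}"
    return f"{seconds:,} seconds"


def assess(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Dictionary check first, as an attacker would, then the brute-force estimate."""
    if password.lower() in COMMON_PASSWORDS:
        return "dictionary hit: guessed before brute force starts"
    return humanize(keyspace(password), rate)


if __name__ == "__main__":
    for sample in ("718462", "xgts", "password", "abcdefghijkl"):
        print(f"{sample!r}: {assess(sample)}")
```

Adding one character multiplies the keyspace by the alphabet size, which is why length moves a password across the chart faster than adding a single character class does.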

If your password is in the red or purple areas, you should really think about making it longer and more complex. Longer, more complicated passwords are also more difficult to remember, especially when you use a different password for every site and service (and you really should), but there’s a simple solution to that: use a password database.

I use both Password Corral, which is a free, standalone Windows program, and 1Password, which is not free, but has some useful features.

Given that most of the web-based password managers have been hacked at one time or another, I still recommend using standalone software if possible.

Automattic sold your site data for years

If you installed and activated the popular Jetpack plugin on a self-hosted WordPress web site after 2013, and didn’t bother to read the fine print when accepting Jetpack’s Terms of Service, Automattic (the company that makes Jetpack) surreptitiously gathered your site’s data and sold it to social media and data analytics companies.

Jetpack is a free plugin that adds a useful collection of features to WordPress, including social media buttons and sharing, Markdown support, security, backups, anti-spam, stats, and so on. Some of these features have been very useful for the sites I’ve managed over the years.

How was Automattic able to do this?

There’s a somewhat hidden setting that controls whether Jetpack siphons data from your site and sends it to the Automattic mothership. Navigate to the Jetpack Dashboard, scroll to the bottom of the page, and click ‘Modules’. The setting you’re looking for (prior to Jetpack 13.3) is ‘Enhanced Distribution’. It should be named ‘Donate your content to Automattic and allow them to sell it and keep all the proceeds’.

Even if all the more obvious Jetpack features are disabled, if ‘Enhanced Distribution’ is enabled, Jetpack is sending your data to Automattic.

Making matters even worse, Jetpack updates have a nasty habit of re-enabling previously-disabled features or reverting to default settings. Whether this affected ‘Enhanced Distribution’ or not is unclear.

The Firehose

Automattic sold your site data as part of a product called Firehose, which potentially contained all of the original content from your site. Here’s the first paragraph from the Firehose product page:

WordPress publishers and visitors produce thousands of new posts and comments every hour. These content streams are available in three real-time formats from redundant servers. These streams are intended for partners like search engines, artificial intelligence (AI) products and market intelligence providers who would like to ingest a real-time stream of new content from a wide spectrum of publishers.

What does Automattic say about this?

A recent post on the wordpress.org support forum asked about Jetpack Backup & AI. Here’s how Automattic responded:

They will retire Firehose, but…

We have sold our Firehose to social and data analytics companies, and we have also used some distribution partners (like Socialgist) to sell the Firehose to these types of end users.

The release notes for Jetpack 13.3 (2024-April-03) show this: “Enhanced Distribution: begin deprecation process as the Firehose is winding down.” The only obvious difference is that ‘Enhanced Distribution’ is no longer listed on Jetpack’s Modules page. Hopefully that means the option is now also disabled for all sites, not just further hidden.

They never sold to AI companies and don’t plan to

Neither we nor our distribution partners sell the Firehose to any companies that are training LLMs or to any generative AI companies.

Enhanced distribution is a feature that was released in 2013 with the purpose of driving traffic by giving blogs additional readership in the WordPress.com Reader. Content from those sites was gathered with approval by accepting the terms of service. Our partners were social and data analytics companies.

Automattic also published an article titled ‘Protecting User Choice’, a response to concerns about selling data to AI companies.

Okay, but…

If you were about to point out that posting anything on a public-facing web site makes it available for anyone to use: okay, sure, but Automattic SOLD the data they gathered. I never expected to make any money from this site, but that doesn’t mean I’m happy about anyone else making money from it.

Recommendations

Stop using Jetpack. Automattic has done, is doing, and will in all likelihood continue to do some shady things. I regret ignoring the advice I received years ago to stop using Jetpack, and can only hope that any damage caused to clients due to my recommendation and use of Jetpack is minimal.

If you can’t avoid using Jetpack, please disable the ‘Enhanced Distribution’ module. Unfortunately, if you’re using version 13.3, it’s not clear how this can be accomplished.

Most of the features provided by Jetpack can be found in other free plugins. Switching to alternatives for the functions you actually need has the additional advantage of eliminating the overhead of what is now quite a bulky Jetpack.

Here are a few alternatives to Jetpack for specific functionality:

And there are many more possibilities. Jetpack certainly was a handy and simple way to add a lot of useful functionality to WordPress. But Automattic has demonstrated that they are willing to sneakily sell your site data, and I just can’t trust them anymore.

Microsoft’s Edge-related shenanigans continue

There’s apparently a team of people at Microsoft who spend all their time trying to come up with sneaky ways to get Windows users to switch to Edge as their default web browser. To be clear, I have no direct evidence that such a team exists, but it seems likely.

The latest trick? Automatically importing Chrome bookmarks into Edge, then sneakily running Edge instead of Chrome, presumably in the hope that some users will fail to notice the difference.

In practice, though, I doubt many people will be fooled, because site passwords are not imported along with the bookmarks. They will, I think, realize that something funny is going on when their site passwords are missing.

I wonder how far Microsoft is willing to go with these tricks. They’ve been doing this kind of thing since the early Internet Explorer days, so it’s nothing new. The company has been spanked from time to time for these shenanigans, but those spankings don’t seem to have been much of a deterrent.

Tom Warren over at The Verge has the details of his own encounter with this latest trick.

UPDATE 2024Feb16: The Verge reports that Microsoft has quietly changed this behaviour in Edge, calling it a ‘bug’. Riiiiiiiight.

Microsoft can’t stop bugging us about Edge

They just can’t help themselves. Microsoft’s latest attempt to prevent Windows users from switching away from their browser of choice takes the form of a large panel that appears in Edge when you download another browser.

I suppose that as long as what they’re doing is legal, they’re just being pushy. Still, one could argue that they have an unfair advantage: the user has to use Edge to download another browser on Windows. But regardless of its legality, this behaviour is very annoying.

The Verge posted a useful summary of Microsoft’s recent attempts to steer Windows users away from other web browsers.

At least this latest intrusion seems like a sincere attempt to understand why many Windows users run Edge only to download a different browser. However, there are a few obvious answers missing from the poll:

  1. Edge won’t let me run an ad blocker or a script blocker (not actually true, but commonly believed).
  2. I hate Microsoft, and only use Windows grudgingly. I avoid Microsoft software as much as possible.
  3. I don’t trust Microsoft any more than I have to.
  4. Edge is just another way for Microsoft to shove ads down my throat.
  5. Edge doesn’t support the plugins I want to use.
  6. Windows is already more intrusive than I would like.
  7. I can’t really control how much Edge communicates with the Microsoft mothership.

And of course it could be much worse. Microsoft could nag you every time you start a non-Edge browser, when you start Windows, or even at random intervals. This latest nag screen only appears once, when you run Edge that first and only time you need it, to download a non-Edge browser.

What else will Microsoft try? Will they actually pay any attention to the results of this intrusive poll?

Dear Microsoft: if you want people to use Edge, try making it better than the other available browsers. You know, compete.

Bug causes clock problems on Windows 10, 11, Windows Server

A recently-discovered bug in newer versions of Windows is causing bizarre local time shifts.

Keeping accurate time on computers is important for a lot of reasons, many of which are not obvious to non-technical users. Update schedules, scheduled background tasks, synchronization with server and cloud resources, and many other time-sensitive processes depend on your PC maintaining accurate time.

Because it’s so important, and because various factors can sometimes cause a PC’s clock to drift, operating systems use a variety of methods to check and adjust it. The most obvious of these in Windows can be seen in Windows 10 and 11 in Settings > Time & Language. Windows regularly compares the PC’s clock with an Internet-based clock, such as time.windows.com. When a discrepancy is observed, the PC’s clock is updated.

Between a PC’s internal clock and Windows’ time synchronization, most Windows-based computers are able to maintain accurate time.

But at some point, someone at Microsoft decided that Windows needed additional time checks. So they created something called Secure Time Seeding. This function regularly analyzes secure network traffic from a ‘known good’ host computer, and calculates the current time based on what it sees.

Sounds good, right? Anything that makes the clock more accurate is good, right? Well, no. There’s at least one major problem with Secure Time Seeding, which causes it to get confused about the date and time, and can set your computer’s time based on random values. This has been observed to incorrectly change the Windows clock by minutes, hours, days, or more. As you can imagine, this causes all manner of strange problems.

Microsoft’s response to the report of this bug has been disappointing: they are downplaying its scope and effects. And while it’s true that there are very few reports of this happening, the problems it can cause are bad enough that anyone running Windows 10 and up or Windows Server 2016 and up should disable Secure Time Seeding.

To disable Secure Time Seeding on a Windows 10 or 11 PC, follow the instructions provided by Microsoft.

Trying to make sense of the actions and statements of a corporate behemoth like Microsoft is an exercise in futility. It’s possible that they will realize that this bug is actually very bad, and fix it, or they may find a way to limit its effects, or they may change the feature so that it’s disabled by default. But in the meantime, there are potentially millions of computers out there that might start exhibiting strange clock problems for the foreseeable future.

What is a terminal?

A terminal, also known as a command-line interface (CLI), shell, or console, is a text-based interface used to interact with a computer’s operating system. It provides a way for users to execute commands by typing them as text input, rather than using a graphical user interface (GUI) with buttons and menus.

When you open a terminal, you’ll typically see a command prompt, which is a line of text that awaits your input. You can then type various commands, which the terminal interprets and executes, allowing you to perform a wide range of tasks, such as navigating the file system, running programs, configuring system settings, managing processes, and more.

Terminals are particularly favored by developers, system administrators, and power users because they offer more direct and efficient control over the computer compared to GUIs. They are commonly found in Unix-based systems (e.g., Linux and macOS) and can also be accessed on Windows systems through the “Command Prompt” or “PowerShell” applications.

The terminal environment is highly flexible, allowing users to automate tasks using scripts, manage remote systems through SSH (Secure Shell), and access powerful command-line utilities and tools. While using a terminal can have a learning curve, it provides a robust and versatile way to interact with a computer and is an essential tool for many technical professionals.

(Ed: written by ChatGPT; verified by jrivett.)

What is the cloud?

The term “cloud” typically refers to cloud computing or cloud services. In the context of technology, the cloud refers to a network of remote servers that are hosted on the internet and used to store, manage, and process data. These servers are usually owned and maintained by a third-party provider, such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud.

Cloud computing allows users to access computing resources and services over the internet on-demand, without the need for local infrastructure or hardware. It provides a convenient way to store and access data, run applications, and perform various computational tasks without relying heavily on physical devices.

One of the key advantages of cloud computing is scalability. Users can easily scale up or scale down their computing resources based on their needs, without having to invest in expensive hardware upgrades or worry about infrastructure maintenance. The cloud also offers flexibility, as users can access their data and applications from any device with an internet connection.

Cloud services are typically offered in different models, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These models provide varying levels of control and management over the underlying infrastructure, allowing users to choose the level of abstraction that best suits their requirements.

Overall, the cloud has revolutionized the way businesses and individuals store, access, and utilize data and computing resources, offering increased efficiency, cost-effectiveness, and flexibility compared to traditional on-premises solutions.

(Ed: written by ChatGPT; verified by jrivett.)
